SonicWall Content Filtering Service (CFS) helps organizations and educational institutions enforce their productivity and protection policies and block inappropriate, illegal and dangerous Web content. Featuring a dynamic rating and caching architecture, SonicWall CFS blocks multiple categories of objectionable Web content and provides the ideal combination of control and flexibility to ensure the highest levels of productivity and protection. Data is forwarded directly to the SonicWall ViewPoint reporting package, delivering a high level of network visibility through graphs, charts and data search functionality. And as an added benefit, SonicWall content filtering is configured and controlled from the appliance, eliminating the need for a costly, dedicated filtering server.

An easy to manage solution.SonicWall CFS combines application-based policy enforcement with comprehensive content filtering, in a cost-effective, easy-to-manage solution. URLs, IP addresses and domain ratings are locally on the firewall, reducing response time to frequently visited sites to a fraction of a second. Administrators can control bandwidth based upon Content Filtering Service rating, as well as specific IP addresses, sites or even applications when combined with SonicWall Application Intelligence and Control

Ideal for small to large organizations.SonicWall CFS is deployed in a wide variety of organizations, including business enterprises, universities, libraries and government agencies, as well as distributed public Internet "hotspots." Ease of management, scalability and superior performance make CFS an ideal solution for larger enterprises with complex configuration requirements.

Mitigating risks of unrestricted access.SonicWall CFS helps reduce the risks incurred by not restricting employees, students, or other users from accessing websites that are inappropriate or offensive, especially when there is a legal responsibility and obligation to keep the workplace free from offensive material. In addition, unrestricted access drains productivity by promoting wasteful Web surfing. Unrestricted access often leads to infection by viruses, spyware and malware, since many of the sites that are contained in blocked categories are common sources of malicious attacks. Installing a content filtering solution can eliminate these and other problems.

Flexibility and policy enforcement.Administrators are free to create local or enterprise-wide policies that are specifically designed to meet their own requirements and legislative mandates. The dynamic rating architecture can be used to block up to 56 categories of objectionable or inappropriate Web content, providing a high level of transparent control, ease of administration and granular policy enforcement. The local URL filtering feature adds flexibility by letting administrators go beyond categories to block or allow specific domains or hosts. Policies can be applied to individuals or defined groups (e.g., students and faculty) and set to block automatically downloadable files or apply filtering by time of day.

Caching and performance.SonicWall CFS is built around a website caching and rating architecture that allows administrators to block sites automatically by category for easier administration. The caching feature stores URL ratings locally on the SonicWall firewall, so response time is only a fraction of a second. In addition to filtering offensive Web content, CFS helps enhance performance by filtering out download sites for MP3s, streaming media, freeware and other files that consume tremendous amounts of bandwidth and are often the source of spyware and other malware.

Compliance and regulations.A number of legislated regulations contain content filtering requirements that can be met using SonicWall CFS. For example, the Children's Internet Protection Act (CIPA) requires all schools and libraries that receive eRate funding to install content filtering. The flexibility of CFS, and the ability to set custom policies for different groups or different times of day, makes it ideal for educational settings. In addition, the reporting necessary to comply with these mandates can be fulfilled by SonicWall's Global Management System (GMS) and ViewPoint reporting package.

In addition to external regulation compliance, CFS is an integral part of internal compliance programs designed to reduce the liabilities that may incur when inappropriate content is allowed into the network. When Web access is unrestricted, not only is the result counter-productive, it can also result in costly lawsuits.

Visibility and reporting. SonicWall ViewPoint reporting software along with SonicWall CFS can allow customers to run granular reports summarizing Web access details. Both real-time and historical reports can be easily customized and delivered in a variety of formats. In addition to comprehensive graphical reports, users also can take advantage of at-a-glance reporting.

How it works.SonicWall CFS is based on a rating architecture that relies on a dynamic database to block objectionable or inappropriate websites. CFS cross-references all websites as they are requested against a vast and highly accurate database of URLs, IP addresses and domains. The SonicWall appliance then receives a rating in real time, and compares that rating to the local policy setting. The appliance will then either allow or deny the request, based on locally configured policy.

SonicWall CFS has categorized over 20 million URLs, IP addresses and domains in a continuously updated, dynamically rated database, with thousands more added daily. Because the ratings are determined both by artificial intelligence and human observation, the database is highly accurate and the instance of false positives is minimized. The policy-based system allows the administrator to block all pre-defined categories or any combination of categories, and to apply these policies on a granular level. For example, if one group of users requires access to sites typically found within one category, this level of access can be granted while still denying access to other users.

Categories range from offensive types of content such as "Violence," which would include anti-social websites that advocate use of weapons or explosives, to sites that may not be offensive but would otherwise cause a potential risk to the network in terms of bandwidth usage, such as Software downloads or Streaming Media/MP3.